Written text

Written text

VOICE-OVER: The international trade in agricultural products is supervised
by the authorities of exporting and importing countries.

(An animation.)

Many consignments will only be accepted by the importing country
when an export certificate is available, to ensure safety,
as guaranteed by the authorities of the exporting country.
More and more of these certificates are exchanged electronically,
improving the quality and reliability of the documents significantly.
An essential aspect in this process
is the indisputability of the electronic certificates,
known in the cryptological meaning as ‘non-repudiation’.
This confirms to the authorities of the importing country
the identity of the sender, and that the information that has arrived is unchanged,
known as authenticity and integrity.
In the digital environment, we need a signature and verification system
to confirm these values.
To ensure the authenticity of the source,
the electronic certificate is signed with a digital signature.
We use asymmetric encryption, an electronic signature
that consists of a private and a public key.
The private key is secret and known to the sender only.
With this key, the sender locks a message before sending it electronically.
The receiver has the associated public key to unlock the message.
Once unlocked, the message can only be locked again
by the private key of the source.
So, when the receiver opens the message with the public key,
he can be sure who sent it.
Now, to ensure the identity of the sender,
a trusted third party, such as a notary, is used,
known as a Certificate Authority or CA,
who can confirm to the receiver, that the public key is indeed associated
with the identity of the sender.
To prove the integrity of the data on the certificate, we use a data hash,
a unique resume of the certificate that works as a fingerprint.
An algorithm uses the key data of the certificate
and mixes this in an unrecognisable format.
The algorithm works in a way, that even the smallest change in the original data
results in a very different data hash.
These ingredients can now be used in the communication between authorities.
First, an electronic certificate is created
in the national eCert-system of the exporting country,
linked to identification tokens of the consignment.
Then, this electronic certificate is signed by the sender.
We use the algorithm to create a data hash of the certificate.
This data hash is then locked, or signed, with the private key of the sender
and added to the electronic certificate,
which is called a ‘signed electronic certificate’.
At the receiver’s end, the signed certificate is unlocked with the public key,
and this reveals the data hash.
Now, the receiver takes the electronic certificate from the signed certificate,
and uses the algorithm to create the associated data hash
and then compares this with the one received from the exporting country.
If the data hashes are identical,
the integrity of the information in the certificate is intact,
and the information is original.
Of course, this system demands that the private key of the electronic signature
is kept safe, from generation until destruction.
Strict procedures, combined with technology,
are known as the ‘management of the keys’
and prevent disclosure or compromise of keys that have been,
are being or will be used.

(Holland’s coat of arms against a blue background, next to the text: Netherlands Food and Consumer Product Safety Authority, Ministry of Economic Affairs. On-screen text: More information: e-Cert.nl/ecertification.html)